By Sramana Mitra and guest author Shaloo Shalini
SM: Moving on to the topic of integration, when you put together your cloud strategy, there are a lot of different pieces that need to come together. How do you deal with integration? In terms of strategy, what do you do for integration?
MA: To some degree, we have kept things simple. We had the luxury of setting up the cloud long before there were a lot of expectations for it. I think this, in one way, makes things easier for us. But as we talked about earlier, [this approach] makes it harder for users such that they have to have the experience with our systems.
Our users, the researchers, are told about the environment that is available for them to use, and integration is left to them. The users are the ones who are responsible for their own integration other than the core building blocks that they will be able to get to say file storage from anywhere. We manage storage for users. We also integrate with our authentication system so that they use their own user name and password when they access cloud-based computing resources. Other than that, there isn’t much tight coupling between this research IT cloud and many of the other services in the school, which will require a much tighter integration.
[Note to readers: You can find more information on the kind of software used and other IT support services provided by HMS IT team here.]
SM: I see. What about the security of the cloud-based resources and lab infrastructure at HMS?
MA: Well, again, we partly sidestep the topic of security and issues related to security to some degree by not allowing any patient or individual identifiable information into the cloud. Users are responsible for ensuring that. We are also required by State of Massachusetts law to encrypt any mobile device, but that is less about the security of the cloud and more because the most common way in which access theft could happen as people leave credentials on the laptop and take it away. Otherwise, we use appropriate levels of security that you would expect, say, password screen locks and encrypted connections. People have their own work spaces, and they are separate from others. You cannot view other people’s files or data. People are required to follow our IT policies and not share their passwords or any of their other credentials with anyone. Security is not the hard part of what we do, I would say.
SM: Let me ask you a follow-up question. I live next to Stanford in Menlo Park, California. Our hospital for whatever reason is the Stanford hospital. Stanford is both a clinic and a teaching hospital. Whenever they do any kind of imaging work or create any medical records for patients – be it pathology or imaging – they always ask patients whether that data can be released to Stanford’s research teams. That is a highly security intensive question, right?
MA: Right. That’s again related to HMS’s core business in that we don’t run any clinics. We don’t allow that type of data onto our network. We are pretty much pledged up on that issue because if we were talking about patient data, even about informed consensus, that requires security. In that case, security would be a big part of what we do.
SM: So all your research happens without any patient data at all?
MA: Yes. Because it is almost all life sciences, genetics, sequence analysis, simulations of zebra fish and almost all pure life sciences don’t involve any patient data.
SM: That’s very interesting to know.
[Note to readers: We noticed that HMS hosted Personal Genome Project (PGP), which has sequenced and published the exomes of ten people so far and is aiming to do whole-genome sequencing for one hundred volunteers. PGP-like projects may not be using their cloud computing resources today, but there are other wide open opportunities for venture capitalists and cloud entrepreneurs. The demand for personal genomic products and services could be enormous; for example, the market for weight-loss products is $40 billion a year. See p. 8 of this document on Genomic Revolution here.]